Hi, Mathias Gygax wrote: > > > i wanted to post something about lids, but then i thought, it doesn't > > make sense in this case. > > i think it does make sense.
as far as i have read the problem is, that the (wo)man, who has a root-account is able to read mails. what is the advantage of installing lids compared with removing the root-account from this (wo)man? > but... root in this setup is > useless. you can't do anything that looks like administration. so, if you can't remove the root right from this person generally, you can't install lids. well, i think lids is "only" very useful to "seperate" daemons (e.g. when sendmail is exploited, the attacker can't modify zone-files from named or open the named port, even if sendmail runs as root) and to detect such exploits. bye Ralf
